Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
.. image:: https://img.shields.io/pypi/v/dataclasses.svg :target: https://pypi.org/project/dataclasses/
This is an implementation of PEP 557, Data Classes. It is a backport for Python 3.6. Because dataclasses will be included in Python 3.7, any discussion of dataclass features should occur on the python-dev mailing list at https://mail.python.org/mailman/listinfo/python-dev. At this point this repo should only be used for historical purposes (it's where the original dataclasses discussions took place) and for discussion of the actual backport to Python 3.6.
See https://www.python.org/dev/peps/pep-0557/ for the details of how Data Classes work.
A test file can be found at https://github.com/ericvsmith/dataclasses/blob/master/test/test_dataclasses.py, or in the sdist file.
Installation
.. code-block::
pip install dataclasses
Example Usage
.. code-block:: python
from dataclasses import dataclass
@dataclass class InventoryItem: name: str unit_price: float quantity_on_hand: int = 0
def total_cost(self) -> float:
return self.unit_price * self.quantity_on_hand
item = InventoryItem('hammers', 10.49, 12) print(item.total_cost())
Some additional tools can be found in dataclass_tools.py, included in the sdist.
Compatibility
This backport assumes that dict objects retain their insertion order. This is true in the language spec for Python 3.7 and greater. Since this is a backport to Python 3.6, it raises an interesting question: does that guarantee apply to 3.6? For CPython 3.6 it does. As of the time of this writing, it's also true for all other Python implementations that claim to be 3.6 compatible, of which there are none. Any new 3.6 implementations are expected to have ordered dicts. See the analysis at the end of this email:
https://mail.python.org/pipermail/python-dev/2017-December/151325.html
As of version 0.4, this code no longer works with Python 3.7. For 3.7, use the built-in dataclasses module.
Release History
+---------+------------+-------------------------------------+ | Version | Date | Description | +=========+============+=====================================+ | 0.8 | 2020-11-13 | Fix ClassVar in .replace() | +---------+------------+-------------------------------------+ | 0.7 | 2019-10-20 | Require python 3.6 only | +---------+------------+-------------------------------------+ | 0.6 | 2018-05-17 | Equivalent to Python 3.7.0rc1 | +---------+------------+-------------------------------------+ | 0.5 | 2018-03-28 | Equivalent to Python 3.7.0b3 | +---------+------------+-------------------------------------+
FAQs
A backport of the dataclasses module for Python 3.6
We found that dataclasses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025